In all these scenarios for Trey Research, Adam, the Configuration Manager administrative user, has implemented out of band management throughout the Configuration Manager hierarchy. The desktop computers are AMT-based, meet all the prerequisites for out of band management, and are successfully provisioned for AMT.

The following scenario demonstrates how you can use out of band management to power on computers to install applications (or perform routine maintenance) without using traditional wake-up packets.

The marketing department at Trey Research has approved a request to install a nonstandard application on five computers. Adam has already created a collection for these five computers and a deployment to install the application as soon as possible. After he establishes a time period when no users have their computers turned on and will not be unduly inconvenienced, he performs the actions in the following table to power on the computers so that the application can be installed.

Process

More information

Adam locates the computers in the Assets and Compliance workspace of the Configuration Manager console, and then performs the following actions:

As a result of the preceding course of action, the application is installed outside business hours without sending wake-up packets over the network, without requiring that the computers remain turned on, or without requiring local access to the computers.

The following scenario demonstrates how you can use out of band management to power off computers when it is imperative that they do not remain running, but you cannot shut them down by normal means. Powering off computers should always be considered a last resort because it has the same effect as removing the power cable from the computer: the operating system does not shut down correctly, unsaved work is lost, and logged-on users do not receive any notice of the power off action.

Trey Research has an intrusion detection system that monitors suspicious activity on servers and the network. In the early hours of the morning, an alert is generated that indicates a security attack has occurred on one of the servers. Although the desktop computers are usually turned off at night, some users leave their computers turned on. These computers must be turned off immediately to safeguard them against the security threat.

To help protect the desktop computers from the security threat, a security administrator performs the actions that are outlined in the following table.

Process

More information

The security administrator identifies the desktop computers that are turned on and at risk and locates them in the Assets and Compliance workspace in the Configuration Manager console.

The following scenario demonstrates how you can use out of band management to re-image a nonfunctioning computer when other troubleshooting steps have failed.

Trey Research has a help desk policy that computer desktop issues that prevent business continuity must be resolved within a set period. No data is stored locally on the computers, so re-imaging these computers is the most efficient way to resolve these types of reported problems. However, in the past this has meant that a help desk engineer must visit the site, or the computer must be transported to and from the help desk location.

To more efficiently re-image a nonfunctioning computer, the help desk engineer proceeds with the course of action that is outlined in the following table.

Process

More information

The help desk engineer locates the computer in question in the Configuration Manager console and confirms that he cannot use Configuration Manager Remote Tools to connect to the client computer.

He clicks Power Control, selects the boot option for IDE redirection, and enters the network path to the image to reinstall the operating system, custom applications and settings, and the Configuration Manager client. Then he clicks Restart Computer.

Later that day, the engineer checks the status of the computer and confirms that it is working again as required. He closes the help desk ticket within the specified time limit.

Company-specific process.

As a result of the preceding course of action, the computer is efficiently re-imaged without requiring local access, although the operating system was not responding. This level of control helps resolve critical issues in a timely manner that ensures higher levels of business continuity for the company.

The following scenario demonstrates how you can use out of band management to configure BIOS settings for a desktop computer without requiring local access to the computer.

The help desk at Trey Research receives notification that two newly deployed computers do not start successfully. This is a custom build, and the engineer suspects that the BIOS settings are not correctly configured.

To check the BIOS settings without local access to the computer, the help desk engineer proceeds with the course of action outlined in the following table.

Process

More information

The help desk engineer locates the computer in question in the Assets and Compliance workspace of the Configuration Manager console, and connects to it by using the out of band management console.

The help desk engineer then performs the following actions for each computer in turn:

He clicks Power Control, selects the boot option for BIOS Setup, and then clicks Power On.

He clicks Serial Connection and waits for the BIOS settings to appear. When they do, he discovers that the wrong disk is configured for booting the computer. He makes the required change, and then saves the new BIOS settings.

The computer automatically restarts and successfully loads the operating system from the correct disk.

The following scenario demonstrates how you can use out of band management to run diagnostic commands and tools for a desktop computer that is not functioning (for example, the operating system stops responding or does not load) without requiring local access to the computer.

The help desk at Trey Research receives notification that a computer has stopped responding. To troubleshoot the computer, the help desk engineer proceeds with the course of action outlined in the following table.

Process

More information

The help desk engineer locates the computer in question in the Assets and Compliance workspace of the Configuration Manager console, and connects to it by using the out of band management console.

He clicks Power Control, selects the boot option for IDE redirection, specifies the path and file for a diagnostic tool in the IDE redirection path, and then clicks Restart Computer.

He clicks Serial Connection and waits for the computer to boot from the image that contains the diagnostic tool. By using the diagnostics, he discovers that the disk has a number of bad sectors. He selects the option to repair the bad sectors, and then exits the tool.

He clicks Power Control, clicks Restart Computer, and closes the out of band management console.

The following scenario demonstrates how you can use out of band management with software updates in Configuration Manager to help achieve higher success rates for installing software updates within a specified time frame.

Trey Research has a security policy that requires that all computers on the network running Windows have critical security software updates installed within two weeks of release. The installation of these software updates on servers has a 100 percent success rate, but the success rate on desktops is only 80 percent, although the Configuration Manager administrative user deployed them within one week after release. On investigation, the computers that do not have the software updates installed are turned off for various reasons—for example, because users are on vacation or sick leave or because the computers are not in everyday use and are turned on only when required for a specific application or process.

The security policy also prohibits sending wake-up packets over the network, but there is often not enough time to track down each computer, turn it on, and install the required software updates to meet the compliance deadline.

To help achieve the compliance levels in a timely and efficient fashion, Adam decides on the course of action outlined in the following table.

Process

More information

Adam enables Wake on LAN for the primary sites in the hierarchy and selects the Use AMT power on commands only option.

He reads the information in the documentation about the additional time that might be required to power on multiple computers and plans accordingly by creating different collections of computers so that software update deployments can be configured in batches.

Adam closely monitors the installation of the critical software updates. For the computers that have not yet installed them, he creates a new deployment that contains the software updates, but this time it is also configured for Wake on LAN. He targets this software update deployment in batches to the collections that he created.

As a result of the preceding course of action, critical software updates are installed on the majority of computers within one week. This leaves a comfortable margin of one more week to track down and correct the few desktop computers that still require the software update, perhaps because the computer was put into hibernation before it received the software update deployment or because there was no power for the computer.

By using the combination of software updates with a deadline for the majority of computers, Wake on LAN with power-on commands for the few computers that are turned off, and manual intervention for the minority of computers that remain noncompliant, Trey Research can now meet its compliance levels every month.